I know this newspaper article sounds absurd. Even if a machine is compromised we (should) have hardware safe guards in all our devices to prevent the software from damaging the hardware. But is it possible to make a computer explode or catch fire? Has this ever been done?

+1 for teh lulz... If Wikipedia can have a straight-faced article on toilet paper orientation then SE can afford to play straight man to the WWN once in a blue moon :)
–
Eugene SeidelMar 27 '12 at 7:40

11 Answers
11

In 2011 the news was reporting on HP Printers catching fire. HP Responded saying that there was a hardware element called a "thermal breaker" to prevent this from happening. The researcher never produced a burning pile of printer.

Also in 2011 Charlie Miller was researching the firmware on Apple's batteries trying to get them to explode or catch fire.
However the worst he was able to do was brick the battery.

Now lets flash back to 1985. The Therac-25 radiation therapy machine is killing people due to a bug in how the software interacted with hardware. An eariler model had "Hardware Interlocks" which prevented the operator from accidentally overdosing patents with radation.

Edit Feb 2014 - CrowdStrike have demonstrated an attack at RSA on a Mac which overrode temperature controls, powered off the fans and spiked the CPU usage in order to overheat the machine. And while this specific example was limited as fires are not welcomed in the Moscone Centre, the ateam state that they can cause the machine to catch fire.

All of the devices we use should have a hardware control preventing software from damaging the physical world.

But there are some systems where its impractical for hardware to prevent all damage to physical systems. This is the real fear behind vulnerabilities in SCADA systems. It maybe possible for an attacker to remove safety controls used by a power plant or put it into an unstable state.

+1 for "if the computer happens to also be a bomb".
–
Ilmari KaronenMar 27 '12 at 11:15

3

I was going to post an answer that says, "ya, if you strap c4 to it..." but this one is better. Also heard you can blow up CRT monitors... not sure if true, and also not sure if a real threat today as CRTs are mostly gone.
–
JeffMar 27 '12 at 12:41

Well, when I burned my AMD Athlon CPU to the ground when I switched on the computer without the fan attached, all I got was a whisp of smoke :(. That were the days that CPU's did not have thermal sensors, of course. I would not even call it a smoke bomb. The best bet is the battery or the hard disk drive. Or plugging in your computer in a 230 V outlet while it's expecting 110 :) That 21" monitor back in the days did go BOOM when it was accidentally put on 360, I can tell you. But not family shattering.
–
Maarten BodewesOct 20 '14 at 2:01

It's taking me a few minutes to come up with something beyond, "That's patently damn absurd!"

But... I guess like many things, nobody would write it if somebody didn't buy it. My first thought from the formatting and related image is that this was sensationalist crud from a few decades ago. After all, that machine has a 5 1/4" floppy... but they're talking about Amazon.com, so it's not that old.

Sure, there have been instances of software failures killing people, but wholesale madness probably isn't going to happen. Most critical systems, like traffic lights and railroad signaling, have safety systems that back them up. Thus, you'll never see an intersection with opposing lanes having a green light. Even sprinkler systems rarely activate all at once -- that requires a special system known as a "deluge" sprinkler setup. I guess it just looks cooler on screen if they all go off at once.

Granted, Therac-25 is a memorable example of that being improperly designed. We've also seen viruses like Stuxnet that have caused some chaos for certain folks. However, "coming within 2 digits of a 37 digit code to launch nukes at five American cities" is complete bollocks. I mean, if they came within 2, did they know and tell us? Was the military aware of all the codes they tried?

Jack Sparrow: It's the Pearl.

Prisoner: The Black Pearl! I've heard stories. She's been preying on ships and settlements for near ten years. Never leaves any survivors.

Jack Sparrow: No survivors? Then where do the stories come from, I wonder?

If you're going to die in your home from your own technology, it's going to be because you have lousy wiring or some malfunctioning device and don't have smoke detectors (granted, this incident happened because of hot coals).

There's nothing your own PC can do to blow itself up. Unfortunate conditions can cause Li-ion batteries to blow, but not from software (again, interlocks unless the designer wants to go bankrupt). However, those critical interlocks are a consideration for industrial design, but more so for mistakes than for malfeasance. The idea that hackers are going to turn your computer into a bomb, though, is outright scare-mongering of the most pathetic kind.

I think the myth started because it is entirely possible for a computer to "blow up" in the sense that the capacitors blow up and catch the other components (and/or the dust inside them) on fire, but even that is rare (they usually just smoke) and is generally caused by hardware failure. Combined with Hollywood sensationalism, general misunderstanding about how computers actually work, and the fear that hackers want to break into personal computers because they're out to get the individual, and you have a great story.
–
ShaunaMar 27 '12 at 14:29

2

It's a terrific fantasy, though. I mean, who has not longed for the ability to "reach out and touch" some troll on the innertubes that way.
–
Eugene SeidelMar 27 '12 at 15:32

In the old days of Linux, when a 14.4k modem was good and 28.8k was a treasure, and downloading slackware required whole nights, I (very young at the time) was rather worried by a small notice of warning relative to setting the frequency of the monitor in the .Xconfig file. A wrong frequency could, apparently, lead to a failure (and/or explosion!) of the monitor.

I never had the slightest problem with it and don't have idea if it really ever happened. But I am sure that it sounded scary. I think it was in some man pages.

IIRC xvidtune still warns about this - and yes it was possible to kill a monitor / video card (at best you could let the smoke out - not sure if you could actually get one to explode) - but I expect that would be more difficult with modern hardware.
–
symcbeanMar 27 '12 at 12:21

4

Modern CRTs simply switch to displaying a large notice if an unsupported refresh rate is detected. (LCD screens don't have this problem at all.) On the other hand, the last time I destroyed a CRT this way -- maybe 7 years ago, apparently the live CD had been configured to boot straight to 1600x1200 -- it just went dead, not even magic smoke.
–
grawityMar 27 '12 at 14:09

2

I remember this happening to a character in Cryptonomicon (which is fiction, of course), and I wasn't sure what - if anything - could cause this to happen in the real world. It's interesting to hear it's an Xorg issue. I'm glad we don't have to worry about that anymore, given how many times I've borked my Xorg before.
–
chrisallenlaneMar 27 '12 at 21:29

4

@Francesco: in one of my early college English classes, I remember my professor giving a lecture on "a lie that is truer than the truth". Perhaps we can agree to classify Cryptonomicon thusly :)
–
chrisallenlaneMar 27 '12 at 21:48

It's conceivable that in the right circumstances, you can use software to cause this. It would require the computer (laptop) to be plugged in, with access to low-level BIOS system calls to control the battery power. The hacker would have to have intimate knowledge of the manufacturers board design. Usually, li-ion packs are built with an overcharge protection circuit inside the battery, but if it came from China they could have skimped by not including one.

This is most likely due to a short-circuit in the battery instead of an overcharge. It might be conceivable to initiate a short circuit or huge power drain through software, but very unlikely, as power delivered to the control board would fry it first.

It is possible to over clock your CPU/graph card or RAM by software. Overclocking most often results in more heat generated. This may result in hardware damage by heat. And in some cases by setting components (or actually the dust on the component) on fire.

I have never seen it happen. And it is not really a bomb or an explosion. But nevertheless very unpleasant.

@Brad I heard that there used to be a virus floating around that would spin up a certain type of hard drive well beyond its rated speed, causing it to destroy its own disks. This was way back when hardware allowed you to do silly things like that, now you couldn't get a hard drive damaging itself without hardware modifications.

Even a hard drive spinning itself apart wouldn't be that spectacular, kind of underwhelming like when a car engine blows. Its just like loud clicking noises and then the thing doesn't work anymore.

Once upon a time hard drives were big. Really big. Like the size of a washing machine or mini fridge.

Legend has it that because of the size of the platters, it was possible to get them to spin/stop in such a way so as to start moving the case around, or even to make them "walk". Because disk access was more direct back then, programmers could actually write code that would make them move - usually to the detriment of the data, of course.

I originally read about this in The Devouring Fungus. You can find it discussed on the Internet, of course, such as at Snopes (to no firm conclusion). It presents an eerie parallel to the centrifuge destruction wrought by Stuxnet.

Based on my experience with my own washing machine, I find it reasonably likely.

In short: it's possible to trigger a meltdown scenario in a machine if and only if the combinatorial explosion of hardware makes it possible to... err, physically explode the machine. Cue the citation of innumerable examples of potentially dangerous scenarios here, from the full gamut of answers already provided.

In practice, the intersection of some form of unintended unsafe operational hazard and an exploit scenario is very low, but it should be checked for.Governmentandprivateoversight prevents most of these potentially hazardous scenarios, and you can prevent many more of them by simply being an informed consumer.

So, the bottom line is while it's theoretically possible, the concept doesn't generalize. If it did, we'd already be dead by script kiddies exploding machines "for the lulz."

There is definitely some truth to this. Back in the day of the floppy disk, namely 3.5" floppies, I vaguely remember reading something about using ground up tips of match sticks and glueing it to the media inside of the disk. I googled some keywords that I vaguely recall and came up with http://www.overclockers.com/forums/archive/index.php/t-168027.html

I never tried it, but now since I have all sorts of OLD computer equipment that will go to the recycling yard, I might just try it before I do.

I'd say it's plausible and we do have the technology, but it would have to be intentional on a physical level with the exception of the exploited firmware on certain printers. I don't see a way to say speed up a hard drive to the point of catching fire WITHOUT physical modification and the intention to do so.